IT Governance, Risk and Compliance

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

Tom Bowers, vCISO for ePlus and their clients, will cover what he sees as the looming threats for 2016, including Threat Intelligence and Sharing, State Sponsored Code and Commercial Malware, Security of Big Data, Embedded Systems, and the Physical and Cyber Convergence.

Email is #1 source of risk in today's enterprise, yet also the #1 digital communication channel for businesses today. The United States Postal Service sends more than thirteen million emails per day, which makes their email channel and brand a high-profile target for criminal email cyberattacks. In this case study webinar, hear from Michael Ray, Inspector in Change of Revenue, Product & Cyber Security at the United States Postal Inspection Service, as he shares their story of how they implemented Agari to protect their brand and their customers against fraudulent attacks by securing their email channel.

Customer data is complicated. It lives everywhere and changes frequently. Creating a holistic view of the customer journey can be a challenge, even as the opportunities are obvious. Join Larry Drebes, Founder and CEO of Janrain for lessons learned from thousands of enterprises, challenges with different approaches to customer data management, and the benefits of managing customer identity in the cloud.

Operating from the belief that education is the most powerful weapon, one of our foremost security researchers will provide an analysis on a recently documented stealthy malware family named Stegoloader. Our upcoming webcast will unveil the sophistication of Stegoloader’s characteristics which make it hard to analyze and detect. This webcast will help you understand the nature of Stegoloader in order to counter it more efficiently and effectively.

Pierre-Marc Bureau, Senior Security Researcher from the Counter Threat Unit (CTU), will discuss how Stegoloader cloaks its main component as a harmless Portable Network Image (PNG) while it extracts and executes malicious code hidden within an image. Although CTU researchers have not observed Stegoloader being used in targeted attacks, it has significant information stealing capabilities. Malware authors are constantly looking for ways to adapt and improve detection mechanisms, which makes Stegoloader a prime candidate for cyber-criminals arsenals. Learn how digital steganography may be a new trend for threat actors globally.

In this webcast, you will:

- Gain insight on when and where Stegoloader was first encountered.
- Learn characteristics of Stegoloader and how it operates.
- Understand digital steganography trends and how to detect and remediate.

The rise in e-commerce data breaches over the past year raises important questions: Why is cardholder data such a big target, how do the bad guys get in and why are we seemingly powerless to stop them?

This session will examine the black market for card data, the three most common attack vectors, and the wrong way to encrypt databases.

You will see real-world examples of malware discovered during investigations and gain insights into the skill sets of each attacker.

A seemingly never-ending string of large scale data breaches across all sectors of the economy and government have had devastating affects on countless individuals — and irreparably damaged organizations of all kinds. It’s been proven that privileged users, and the accounts and credentials they use, are a crucial element in conducting a successful attack. But it’s possible to protect those users and stop data breaches in their tracks.

In this webcast, we’ll explain how Xsuite and privileged identity management can stop attackers at multiple points in the data breach lifecycle, preventing damage and disruption. Join us to learn:

- Who are privileged users and why are they important?
- How do attackers exploit privileged users and their credentials to carry out breaches?
- See a hands-on demonstration of Xsuite and how it can manage, control, and protect privileged users and credentials and your business assets.

Register now to join us live at 1:00 pm ET Thursday, July 30, 2015 or on demand afterwards.

In this webcast, we will go over Qualys hardware and virtual scanner appliances for internal and external vulnerability scans. We will then demonstrate how you can discover various assets in your network, prioritize them, execute vulnerability scans, and generate reports that would suit your needs.

The world of IT security is undergoing tremendous change. The unstoppable momentum of the Internet and cloud computing, the ubiquity of mobile devices and the emergence of Internet of things have together turned the IT security landscape upside down.

So what can you do today to keep your security ahead of these trends?

This webcast will discuss actionable best practices gleaned from more than 5,000 leading global organizations - including United Airlines, Humana, Sealed Air, British American Tobacco, the United States Marines and NATO.

We will also talk about:

- The latest strategies and techniques cyber-criminals are using today
- Concrete steps you can take to keep your organization safe
- What to do about Internet security in today's cloud and mobile first IT landscape

This presentation will provide an overview of contextualization and how contextualized data can be used to prevent both known and unknown threats. It will dive deep into the technologies used in the collation and analysis process across both single and multiple threat types. It will conclude with real world use cases where contextualized data can help identified and prevent threats.

As security incidents grow in frequency and complexity businesses struggle to be prepared to respond and mitigate the threat. Incident detection and response is expected to take up the majority of security budgets by 2020 but solutions are siloed and specialized staff is hard to hire and retain. How can security professionals who may not be experts in incident response detect and assess the scope of potential incidents or breaches effectively? This case study will explore this question leveraging real-world examples that illustrate how to confidently detect and respond to security incidents 10x faster.

Consumer-Scale Identity Management Deployments require different approaches than the typical employee use case. However, there are profound benefits - from overall risk reduction to enhanced engagement and loyalty with customers. This webcast will highlight the key challenges in moving identity management from the IT user to a much larger business user population and highlight best practices for success.

As a two part series, this webcast will be followed by "Improving Your User Experience for Successful Consumer-Scale Identity Management", scheduled on August 19th.

Are you prepared for a data breach? Are you confident you will find a breach in a timely manner? Facts are over 70% of businesses report a security breach and 75% of breaches are undetected for days or even months. Once discovered, incident response teams are under extreme pressure to close the breach, figure out what happened, what was lost, and calculate the risk. Organizations need a sophisticated incident response plan.

Join data security expert Graham Cluley as he presents a mid-year review of the information security stories that have made news so far in 2015, and how the predictions he made in our January webinar have fared.

With over 300,000 new pieces of malware created every day, company data has never been at greater risk. Hear from Graham about the vulnerabilities and risks that remain, and what organizations can do to address them.

All webinar registrants will receive a copy of Graham’s report “Information Security in 2015: Just how much worse can things get?” on 2015 threats and keeping your data safe.

Over 90% of targeted attacks start with email. Criminals create very convincing emails to trick your users into clicking on a link, opening an attachment, or replying with their credentials. The attack methods criminals employ with phishing emails are constantly changing and so must your email security to block these attacks before damage occurs. Learn about the newest trends in phishing email attacks and how to protect your organization.

The SHA-1 algorithm at the core of many SSL certificates is in danger of being compromised by criminals. Google, Mozilla, and Microsoft are phasing out SHA-1 support in their browsers very soon by showing degraded visual indicators.

Fortunately, SHA-2 replacement certificates are available and much stronger to protect your website. Join us for this webinar to learn:
-Key dates for replacing SHA-1 certificates
-How you can get a stronger SHA-2 certificate at no extra cost
-How to replace your certificate

We'll also highlight how Symantec is helping you stay ahead of internet threats and keeping your business secure.

Organizations have long struggled to find objective ways to measure and compare performance, leaving many executives to trust metrics and data points that may not be painting the clearest picture of security posture.

To highlight this issue, BitSight recently surveyed over 300 IT executives in 4 major industries to assess their confidence in their security performance. We then compared responses to our own security ratings data, which measures effectiveness across key performance areas including security events, configurations, and user behaviors.

In this webinar, BitSight EVP of Sales & Marketing Tom Turner takes a deeper look into these fidings and discusses the business implications of optimism bias.

Download this webinar to learn:

How security performance varies among Finance, Healthcare, Retail, and Energy/Utilities
Whether optimism bias exists in these industries and how it may be affecting overall security performance
Why continuous performance monitoring should be a critical component of enterprise risk management and how leading organizations are using BitSight Security Ratings to manage their cyber risk

NTT Com Security would like to invite you to join us and our partner LogRhythm on July 28th, 2015 from 2:00-3:00 p.m. EST for a webinar addressing the current and ongoing cyber-threat to Financial and Insurance institutions.

By now you've probably heard about new ransomware threats like CryptoWall, which encrypts your data and demands payment to unlock it. These threats are delivered via malicious email attachments or websites, and once they execute and connect to an external command and control server, they start to encrypt files throughout your network. Therefore, spotting infections quickly can limit the damage.

AlienVault USM uses several built-in security controls working in unison to detect ransomware like CryptoWall, usually as soon as it attempts to connect to the hackers’ command and control server. How does it all work? Join us for a live demo that will show how AlienVault USM detects these threats quickly, saving you valuable clean up time by limiting the damage from the attack.
You'll learn:
How AlienVault USM detects communications with the command and control server
How the behavior is correlated with other signs of trouble to alert you of the threat
Immediate steps you need to take to stop the threat and limit the damage

Cybersecurity is a top concern for IT professionals. Gartner expert Lawrence Orans leads an important discussion of the current cybersecurity landscape. He analyzes recent cybersecurity events, emerging threats, and how new technologies are affecting the security calculus.

Mr. Inglis retired from the Department of Defense in January 2014 following over 41 years of federal service, including 28 years at NSA and seven and a half years as its senior civilian and Deputy Director. Mr. Inglis began his career at NSA as a computer scientist within the National Computer Security Center followed by tours in information assurance, policy, time-sensitive operations, and signals intelligence organizations. Promoted to NSA's Senior Executive Service in 1997, he held a variety of senior leadership assignments and twice served away from NSA Headquarters, first as a visiting professor of computer science at the U.S. Military Academy (1991-1992) and later as the U.S. Special Liaison to the United Kingdom (2003-2006).

Informatica launches the BOST Toolkit for Enterprise Architects. Please join us for a webinar on the details of the BOST Toolkit offering, why Informatica has invested and is launching a solution for Enterprise Architects, and how this offering helps you realize accelerated value in the Informatica Intelligent Data Platform.

Cybercrime impacts millions of people around the world. David Finn, Executive Director of the Microsoft Digital Crimes Unit, gives you a behind the scenes look at how Microsoft is going on the offensive to stop criminals, refer perpetrators to law enforcement, and create a safe digital world.

In this era of SaaS, moving your IT Service Desk and Identity Management to the cloud reduces operational friction and moves your business faster. Managing service requests and quickly closing tickets directly impact productivity and employee satisfaction. By bringing ITSM and IAM together in the cloud, IT can reduce time consuming manual tasks and streamline access controls.

Join Ryan van Biljon from Samanage and Chip Epps from OneLogin for an overview of contemporary service request management practices, including:

Joel Daly, Founder and EVP of Sales of HOSTING will discuss ways healthcare CIOs can leverage new business models to realize increased technology efficiencies, enable information-driven decisions and improve patient service. This session will draw upon real world case studies from Uber and the nation’s leading behavioral health organization to illustrate how healthcare CIOs can learn from other industry players to successfully meet today’s challenges including: management of data convergence, HIPAA compliance, mobile (BYOD) integration and securing protected health information (PHI) from sophisticated cyberattacks and breaches – all while meeting high patient expectations and adhering to best practices prescribed by the IHI Triple Aim.

SAP environments continue to increase in both size and complexity, spanning multi-platforms and cross-enterprise processes. To efficiently manage workloads within those environments, you need to remove the constraints that impact performance and business results. Success requires a smooth way to analyze your system environment and gather operational data from your application environments.

Reduce workload pressure. Join Roy Illsley, Principal Analyst Infrastructure Solutions at Ovum and Karthik Mahadevan, Sr. Principal Product Manager from CA Technologies as they examine how SAP Administrators can take advantage of automation tools. Find out how you can easily manage and monitor job scheduling for both SAP and non-SAP processes.

Digital initiatives are very cross-functional by nature. Gaining and maintaining alignment on priorities can be quite difficult, particularly given the fast pace of retail and siloed nature of most retail organizations. Thus, the drive to achieve business benefits from digital initiatives can be elusive. In this webinar, we will discuss importance of governance and managing digital initiatives as a portfolio.

Attendees will learn:
•Leading practices for driving alignment on digital priorities
•How to ensure digital efforts meet changing business needs and lead to business benefits (both near-term and longer term).

This event qualifies for Project Management Institute (PMI) 1 Professional Development Unit (PDU).

In accordance with its Privacy Policy, CA Technologies may disclose your registration information with its partner(s) which assist with this presentation. For more information about CA’s disclosure practices, please visit the CA Privacy Notice here http://www.ca.com/us/privacy.aspx.

Join us on August 11th to gain expert advice on enterprise application and mobile security. Here you will learn market dynamics, possible risks and effective solutions you can use while working within your budget.

Decades of experience in fighting cybercrimes has greatly informed how Microsoft develops products. Michael Quinn (General Manager, Cybersecurity & Data Protection, Microsoft) discusses the features, policies, and practices that make the Microsoft Cloud so secure and set it apart from other options on the market.

In 2014, Forrester Research saw a significant shift in customers’ awareness of cybersecurity risks. In response, Forrester has developed strategic and tactical recommendations for enterprise security programs in a March 2015 report entitled “Twelve Recommendations For Your Security Program In 2015.” In this webcast, guest speaker Rick Holland from Forrester and Webroot’s David Dufour will review and discuss those recommendations, with a particular focus on the use of big data and threat intelligence, and the impact of IoT.

The old school of cyber defense emphasized securing infrastructure and restricting data flows, but data needs to run freely to power our organizations. The new school of cyber defense calls for security that is agile and intelligent. It emphasizes protecting the interactions between our users, our applications, and our data.

The world has changed, and we must change the way we secure it. Join Frank Mong, VP & General Manager of Security Solutions, and hear why you need to secure your: Cloud services, data (wherever it is), and apps (wherever they run).

45% of businesses surveyed said that they had experienced a data loss in 2014. Downtime can come from any direction, in any form, at any time. Astonishingly, three-quarters of IT professionals say that they have never calculated the hourly cost of downtime.

Join Mark Scanlon as he explores how you can reduce the impact of downtime on your business to near zero, whilst making it easier for you to manage your systems.

In this webcast, we will cover a few steps you could take to identify and filter on key events and/or vulnerabilities and quickly alert the proper staff to take action before the attackers do. We will show you how to deploy rules (whitelists and blacklists), set the system to detect important changes (new hosts, nearly expired certificates, etc), as well as deliver alerts to any users or systems that need to know.

Every profession has tools fundamental to its trade, each of which needs to be reviewed and sharpened regularly to ensure they remain effective. The risk register, matrix and bow-tie are three such tools within risk management. This one-hour webinar will provide tips on how to optimise each of these critical risk tools and tailor them to your organisation.

Learn how Microsoft puts all the pieces together internally to keep its organization safe. Bret Arsenault, Microsoft Chief Information Security Officer, gives you a complete rundown, from products to policies, and explains how they are implemented to ensure security at Microsoft.